CVE-2019-13416

EUVD-2019-4910
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
search-guardsearch_guard
𝑥
< 24.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3
https://search-guard.com/cve-advisory/
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3
https://search-guard.com/cve-advisory/